Aggregator

CVE-2026-24415 | devcode-it openstamanager up to 2.9.8 GET Parameter htmlspecialchars righe cross site scripting (GHSA-jfgp-g7x7-j25j)

Vuldb Updates
1 month 2 weeks ago
A vulnerability was found in devcode-it openstamanager up to 2.9.8. It has been declared as problematic. This vulnerability affects the function htmlspecialchars of the component GET Parameter Handler. The manipulation of the argument righe results in cross site scripting. This vulnerability was named CVE-2026-24415. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2026-25590 | glpi-project glpi-inventory-plugin up to 1.6.5 cross site scripting (GHSA-54x7-6fhx-3wmw)

Vuldb Updates
1 month 2 weeks ago
A vulnerability identified as problematic has been detected in glpi-project glpi-inventory-plugin up to 1.6.5. The affected element is an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-25590. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2026-21866 | langgenius dify up to 1.11.1 Mermaid Diagram cross site scripting (GHSA-qpv6-75c2-75h4)

Vuldb Updates
1 month 2 weeks ago
A vulnerability described as problematic has been identified in langgenius dify up to 1.11.1. This impacts an unknown function of the component Mermaid Diagram Handler. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2026-21866. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-26266 | AliasVault up to 0.25.x Email cross site scripting (GHSA-f65p-p65r-g53q)

Vuldb Updates
1 month 2 weeks ago
A vulnerability was found in AliasVault up to 0.25.x. It has been classified as problematic. Impacted is an unknown function of the component Email Handler. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2026-26266. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-26272 | sysadminsmedia homebox 0.20.1/0.24.0 SVG File Parser cross site scripting (GHSA-55fv-9q6q-vpcr)

Vuldb Updates
1 month 2 weeks ago
A vulnerability was found in sysadminsmedia homebox 0.20.1/0.24.0. It has been declared as problematic. The affected element is an unknown function of the component SVG File Parser. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-26272. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-27905 | BentoML up to 1.4.35 Bento safe_extract_tarfile link following (GHSA-m6w7-qv66-g3mf / Nessus ID 300821)

Vuldb Updates
1 month 2 weeks ago
A vulnerability categorized as critical has been discovered in BentoML up to 1.4.35. Affected is the function safe_extract_tarfile of the component Bento Handler. Executing a manipulation can lead to link following. This vulnerability is tracked as CVE-2026-27905. The attack is restricted to local execution. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-27622 | AcademySoftwareFoundation OpenEXR up to 3.2.5/3.3.7/3.4.5 EXR File Parser readPixels out-of-bounds write (GHSA-cr4v-6jm6-4963)

Vuldb Updates
1 month 2 weeks ago
A vulnerability, which was classified as critical, was found in AcademySoftwareFoundation OpenEXR up to 3.2.5/3.3.7/3.4.5. Affected is the function CompositeDeepScanLine::readPixels of the component EXR File Parser. Such manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2026-27622. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

美国考虑采用乌克兰拦截无人机以应对伊朗

不安全
1 month 2 weeks ago
好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内。用户已经给了原文,我先仔细阅读一下。 文章主要讲乌克兰的拦截器被五角大楼和海湾国家考虑采购,用来对抗伊朗无人机。海湾国家之前用爱国者导弹,成本很高,现在库存减少,所以想借鉴乌克兰的低成本方法。乌克兰用几千美元的拦截器对抗俄罗斯的无人机,成本远低于爱国者导弹。最后提到乌克兰系统的销售需要协调。 接下来,我需要提取关键点:乌克兰拦截器、五角大楼和海湾国家谈判、替代爱国者导弹、低成本优势、协调销售。 然后组织语言,确保在100字以内,并且不使用“文章内容总结”之类的开头。可能的结构是:乌克兰制造的拦截器被考虑采购,作为爱国者导弹的替代方案,成本低,海湾国家寻求合作。 最后检查字数和准确性,确保信息完整且简洁。 乌克兰制造的廉价拦截器被考虑用于替代昂贵的“爱国者”导弹,以防御伊朗无人机袭击。五角大楼和海湾国家正与基辅谈判采购事宜。

js逆向神器

迪哥讲事
1 month 2 weeks ago
前言好久不见各位,最近在忙着备考,所以这段时间就没空发技术文章了。不过在过年这期间我抽空更新了一下插件,遂

js逆向神器

不安全
1 month 2 weeks ago
好的,用户希望我总结一篇关于环境异常的文章,控制在100字以内,并且不要用“文章内容总结”之类的开头。首先,我需要理解文章的主要内容。看起来文章提到当前环境异常,完成验证后可以继续访问,并有一个“去验证”的选项。 接下来,我要确保总结准确且简洁。可能的关键词包括“环境异常”、“验证”、“继续访问”。然后,组织语言使其流畅自然,不使用任何格式,直接描述文章内容。 最后,检查字数是否符合要求,并确保没有使用禁止的开头方式。这样就能提供一个清晰、简洁的总结,满足用户的需求。 当前环境异常,需完成验证后才能继续访问。

OpenAI Launches GPT-5.4 With Advanced Reasoning, Coding, and Computer-Use Capabilities

Cyber Security News
1 month 2 weeks ago

OpenAI on March 5, 2026, released GPT-5.4, its most capable and efficient frontier model to date, combining advanced reasoning, coding, and agentic workflows into a single unified system. The model is rolling out across ChatGPT (as GPT-5.4 Thinking), the API, and Codex, with a higher-performance GPT-5.4 Pro variant available for users requiring maximum compute on […]

The post OpenAI Launches GPT-5.4 With Advanced Reasoning, Coding, and Computer-Use Capabilities appeared first on Cyber Security News.

Guru Baran

深度揭秘:OpenClaw Skill市场的火爆、风险与防御

不安全
1 month 2 weeks ago
好的,我需要帮用户总结这篇文章的内容,控制在100字以内。首先,我得通读全文,抓住主要信息。 文章主要讲的是OpenClaw这个开源项目,它功能强大,但存在安全风险。特别是Skill生态中有很多伪装的恶意插件,这些插件可能窃取用户数据或控制电脑。文章还提到了一些防御措施和官方的安全改进。 接下来,我需要把这些要点浓缩成一句话。确保涵盖OpenClaw的功能、安全问题、恶意插件以及解决方案。 最后,检查字数是否在100字以内,并确保语言简洁明了。 OpenClaw 是一个功能强大的开源 AI 管家项目,但其开放的 Skill 生态隐藏着大量伪装成正常工具的恶意插件,可能导致数据泄露和系统被控。文章揭示了多种投毒手法及防御策略,并强调用户需谨慎审查插件来源以保障安全。

Kill

Dark Feed IO
1 month 2 weeks ago

You must login to view this content

cohenido

甲骨文拟裁员数千人以缓解资金紧张问题

不安全
1 month 2 weeks ago
好,我现在需要帮用户总结这篇文章的内容,控制在100字以内。首先,我得通读文章,抓住主要信息。文章提到甲骨文计划裁减数千个工作岗位,原因是资金紧张,而资金紧张是因为大规模AI数据中心的扩张计划。裁员将影响多个部门,可能在本月开始实施。另外,部分裁员集中在那些未来因AI发展而需求减少的岗位。董事长埃里森领导下,甲骨文正在扩张数据中心,为OpenAI等客户提供算力。这次裁员规模超过以往的滚动式裁员,并且云部门的招聘可能会放缓或冻结。 接下来,我要把这些信息浓缩成100字以内的总结。需要包括:甲骨文裁员、原因(资金紧张)、裁员范围(数千人)、涉及部门、时间(本月)、裁员重点(AI影响岗位)、扩张计划(数据中心为AI客户)、董事长埃里森、以及招聘放缓。 然后,我得组织语言,确保流畅且简洁。可能的结构是:甲骨文计划裁减数千人应对资金紧张;裁员涉及多个部门,本月开始;重点是AI影响的岗位;同时扩张数据中心支持AI客户;云部门招聘放缓。 最后检查字数是否符合要求,并确保没有使用“文章内容总结”等开头。 甲骨文计划裁减数千个工作岗位以应对资金紧张问题,这些裁员将影响多个业务部门,并最早于本月实施。部分裁员将集中在因AI发展需求减少的岗位类别。公司正在大规模建设数据中心以支持包括OpenAI在内的客户AI算力需求,并可能放缓或冻结云部门招聘进程。

NanoFarfield: A Portable Far-Field Antenna Measurement Platform (Coming Soon to Crowdfunding)

不安全
1 month 2 weeks ago
嗯,用户让我用中文总结一篇文章,控制在100字以内,而且不需要用“文章内容总结”这样的开头。首先,我需要仔细阅读文章,抓住主要内容。 文章主要介绍了一款名为“NanoFarfield”的便携式天线测量系统。它解决了传统测量方法需要昂贵的无回声室的问题,使用VNA和旋转平台,自动化测量天线的辐射模式。目标用户包括业余爱好者、学生和工程师。 接下来,我需要将这些信息浓缩到100字以内。要确保涵盖产品名称、功能、优势和目标用户。同时,语言要简洁明了,避免复杂的句子结构。 可能的结构是:介绍产品及其用途,说明其优势(如低成本、便携性),以及适用人群。这样就能在有限的字数内传达核心信息。 最后,检查字数是否符合要求,并确保没有使用任何禁止的开头语句。 "NanoFarfield"是一款便携式天线测量系统,通过低成本方法实现天线远场辐射模式测量。它无需昂贵的无回声室或大型设施,利用VNA和旋转平台自动化测量天线性能参数(如增益、方向性等),适用于业余爱好者、学生和工程师等群体。

PoC Exploit Released Cisco SD-WAN 0-Day Vulnerability Exploited in the Wild

Cyber Security News
1 month 2 weeks ago

A public proof-of-concept (PoC) exploit has been released for CVE-2026-20127, a maximum-severity zero-day vulnerability in Cisco Catalyst SD-WAN Controller and SD-WAN Manager that has been actively exploited in the wild since at least 2023. Cisco Talos is tracking the threat activity under the cluster UAT-8616, describing it as a “highly sophisticated cyber threat actor” targeting critical infrastructure […]

The post PoC Exploit Released Cisco SD-WAN 0-Day Vulnerability Exploited in the Wild appeared first on Cyber Security News.

Abinaya

从特朗普禁封Anthropic谈AI安全;Claude Code Security的安全编码问题 | FreeBuf热门电台精选集第十九期

不安全
1 month 2 weeks ago
嗯,用户让我帮忙总结一篇文章的内容,控制在100字以内,而且不需要特定的开头。首先,我需要仔细阅读文章内容,抓住主要信息。 文章标题提到“从特朗普禁封Anthropic谈AI安全”,还有Claude Code Security的安全编码问题。看起来这是FreeBuf电台的第十九期,讨论了多个AI安全相关的话题。 接下来,文章列出了几个具体的话题:AI的安全问题、Claude的安全编码问题、OpenClaw的危险性、保护AI Agent的策略、大语言模型在隐私中的应用,以及恶意程序分析工具。这些都是本期电台的重点内容。 用户的需求是总结内容,所以我要把这些要点浓缩成一句话。同时要注意字数限制和直接描述内容的要求。 最后,确保语言简洁明了,不使用任何开头套话。这样就能准确传达文章的核心内容了。 文章讨论了AI安全、Claude Code Security的安全编码问题及OpenClaw等技术的安全风险,并探讨了保护AI Agent和大语言模型隐私的应用策略。

Managed ad